
Trevuren

Posted 20 July 2005 - 08:05 PM

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.

b. In the left hand column, click "View Topics".

c. If you click on the title of your post, you will be taken there.

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down. Where it says "unsubscribe", click the pull-down menu and select "immediate email notification".

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (A notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

Using Windows Explorer, please locate and DELETE the following files/folders (with all their content), if they are still present:

c:\r.exe
C:\WINDOWS\System32\intell32.exe
ALCXMNTR.EXE <=== You will have to search for this one
C:\Program Files\PSGuard <=== Folder
C:\WINDOWS\System32\spoolsrv32.exe

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:

Click on scanner

Click on Complete System Scan and the scan will begin.

NOTE: During some scans with ewido it is finding cases of false positives.

You will need to step through the process of cleaning files one-by-one.

If ewido detects a file you KNOW to be legitimate, select none as the action.

DO NOT select "Perform action on all infections"

If you are unsure of any entry found select none for now.

When the scan is finished, click the Save report button at the bottom of the screen.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked! Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply. Let us know if any problems persist.

tay

Posted 21 July 2005 - 09:23 AM


Hi Trevuren,

When I tried to reboot into safe mode, the computer shows the safe mode screen but never loads it. The hourglass just stays on the screen. I tried several times and ended up letting it sit for a couple of hours on the safe mode screen but nothing ever loads up. The problem is that now when I try to boot into NORMAL mode, a fatal error screen shows up telling me that trojan-spy.HTML.smitfraud has caused the computer to not be able to run in NORMAL mode. So I'm left with a computer that I can't do anything out of the safe or normal modes in. Any suggestions on what my next step should be? Thanks for your help.

Posted 21 July 2005 - 11:49 AM

tay

Posted 21 July 2005 - 12:00 PM


It's been off for several hours now. When I get home, I'll try it again.

I don't have recovery disks, but there is the built in recovery system (restores to purchase condition) but I will lose some downloaded/installed programs if I use this according to their warnings. I would rather not do this. I should have updated the recovery system. Lesson learned!